Claim Amendments 

Claims 3 and 21 have been amended. Claims 1, 2, 4-20 
and 22-28 are unchanged. The following listing of claims 
replaces all previous versions of the claims in the application. 

Listing of Claims 

1. (original) A method for using multi-layer 
identity-based encryption (IBE) to securely convey a message 
containing message data over a communications network from a 
sender to a recipient, comprising: 

at the sender, encrypting the message using at 
least two layers of IBE encryption by using an inner layer of 
message encryption having an associated inner-layer IBE public 
key to encrypt the message data and by using an outer layer of 
message encryption having an associated outer-layer IBE public 
key to encrypt the inner-layer IBE public key; 

sending the encrypted message to the recipient; 

and 

at the recipient, decrypting the encrypted 
message using an outer-layer IBE private key corresponding to 
the outer-layer IBE public key and using an inner-layer IBE 
private key corresponding to the inner layer IBE public key. 

2. (original) The method defined in claim 1 wherein 
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using the outer layer of message encryption to encrypt the 
inner-layer IBE public key comprises encrypting the inner-layer 
IBE public key with the outer-layer IBE public key without using 
a symmetric key. 

3. (currently amended) Tho method defined in claim 1 

A method for using multi-layer identity-based encryption (IBE) 
to securely convey a message containing message data over a 
communications network from a sender to a recipient, comprising: 

at the sender, encrypting the message using at 
least two layers of IBE encryption by using an inner layer of 
message encryption having an associated inner-layer IBE public 
key to encrypt the message data and by using an outer layer of 
message encryption having an associated outer-layer IBE public 
key to encrypt the inner-layer IBE public key; 

sending the encrypted message to the recipient; 

and 

at the recipient, decrypting the encrypted 
message using an outer-layer IBE private key corresponding to 
the outer-layer IBE public key and using an inner-layer IBE 
private key corresponding to the inner layer IBE public key, 
wherein using the outer layer of message encryption to encrypt 
the inner-layer IBE public key comprises encrypting the inner- 
layer IBE public key with a symmetric key and encrypting the 
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symmetric key with the outer-layer IBE public key. 

4. (previously presented) The method defined in 
claim 3 wherein sending the encrypted message to the recipient 
comprises sending the encrypted inner-layer IBE public key to 
the recipient with the encrypted message, and wherein decrypting 
the encrypted message at the recipient further comprises using 
the outer-layer IBE private key in decrypting the encrypted 
inner-layer IBE public key to produce an unencrypted version of 
the inner-layer IBE public key at the recipient. 

5. (original) The method defined in claim 1 wherein 
encrypting the message comprises encrypting the message using at 
least three layers of IBE encryption and wherein the outer layer 
is not an outermost layer. 

6. (original) The method defined in claim 1 wherein 
encrypting the message comprises encrypting the message using a 
symmetric key. 

7. (original) The method defined in claim 6 wherein 
encrypting the message comprises encrypting the message data 
using the symmetric key and encrypting the symmetric key using 
the inner-layer IBE public key. 
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8. (original) The method defined in claim 7 wherein 
encrypting the message further comprises encrypting the inner- 
layer IBE public key using the outer-layer IBE public key. 

9. (original) The method defined in claim 8 wherein 
the message data that has been encrypted using the symmetric key 
and the inner layer IBE public key that has been encrypted using 
the outer-layer IBE public key are sent to the recipient with 
the message and wherein decrypting the message at the recipient 
comprises : 

using the outer-layer IBE private key to decrypt 
the inner-layer IBE public key that has been encrypted using the 
outer-layer IBE public key; 

using inner-layer IBE private key to decrypt the 
symmetric key that has been encrypted using the inner-layer IBE 
public key; and 

using the symmetric key that has been decrypted 
using the inner-layer IBE private key to decrypt the message 
data that was encrypted using the symmetric key. 

10. (previously presented) The method defined in 
claim 1 wherein the outer-layer IBE public key is less sensitive 
than the inner-layer IBE public key and wherein encrypting the 
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message comprises using the outer-layer IBE public key to 
encrypt the inner-layer IBE public key to conceal the inner- 
layer IBE public key during transmission from the sender to the 
recipient . 

11. (original) The method defined in claim 10 wherein 
encrypting the message comprises encrypting the message using at 
least three layers of IBE encryption and wherein the outer layer 
is not an outermost layer. 

12. (original) The method defined in claim 1 wherein 
the message data is provided in an XML data structure containing 
data attributes of the message data, the method further 
comprising using at least some of the data attributes in forming 
the inner-layer IBE public key and the outer-layer IBE public 
key. 

13. (original) The method defined in claim 12 wherein 
at least one of the data attributes has an associated 
sensitivity level and wherein encrypting the message data 
comprises using the sensitivity level in determining how to 
encrypt the message. 

14. (original) The method defined in claim 13 further 
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comprising : 

at the sender, obtaining information on the 
associated sensitivity level in the form of an XML record. 

15. (original) The method defined in claim 1 wherein 
the message comprises content having an age-based access policy 
criteria and wherein encrypting the message comprises using the 
age-based access criteria as at least part of the inner-layer 
IBE public key. 

16. (original) The method defined in claim 1 wherein 
encrypting the message comprises encrypting an email message. 

17. (original) The method defined in claim 1 wherein 
encrypting the message comprises encrypting an instant message. 

18. (previously presented) The method defined in 
claim 1 wherein the inner-layer IBE public key and the outer- 
layer IBE public key have overlapping components and wherein 
encrypting the message comprises performing the inner layer of 
the message encryption using the inner-layer IBE public key that 
has overlapping components. 

19. (original) The method defined in claim 1 wherein 
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encrypting the message further comprises using an additional- 
layer IBE public key to perform an additional layer of IBE 
encryption on the message, wherein the additional-layer IBE 
public key is less sensitive than the outer-layer IBE public key 
and is used to encrypt the outer-layer IBE public key. 

20. (original) The method defined in claim 19 wherein 
the inner-layer IBE public key, the outer-layer IBE public key, 
and the additional-layer IBE public key each have corresponding 
IBE public key components and wherein each IBE public key 
component in the additional-layer IBE public key is contained in 
the outer-layer IBE public key and wherein each IBE public key 
component in the outer-layer IBE public key is contained in the 
inner-layer IBE public key. 

21. (currently amended) A method for using identity- 
based-encryption (IBE) to securely convey a message having 
message data M from a sender to a recipient over a 
communications network, comprising: 

encrypting the message by performing at least an 
inner layer of IBE encryption and an outer layer of IBE 
encryption at the sender, wherein: 

performing the inner layer of IBE encryption 
includes encrypting the message data M using a symmetric key S 
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to produce encrypted message data M s and encrypting the symmetric 
key S using an IBE public key QG associated with the inner layer 
of IBE encryption to produce an IBE-encrypted symmetric message 
key S QG , and 

performing the outer layer of IBE encryption 
includes using a layer of message encryption having an 
associated IBE public key QL to encrypt the inner layer IBE 
public key QL key QG , wherein the IBE public key QL is less 
sensitive than the IBE public key QG; and 

sending at least the encrypted message data M 3 , 
the IBE-encrypted symmetric message key S QG , and an encrypted 
version of the IBE public key QG to the recipient. 

22. (original) The method defined in claim 21 further 
comprising sending the IBE public key QL to the recipient. 

23. (previously presented) The method defined in 
claim 21 wherein: 

performing the outer layer of IBE encryption 
comprises encrypting the IBE public key QG using the IBE public 
key QL to produce an IBE-encrypted public key QG QL ; and 

sending the encrypted version of the IBE public 
key QG to the recipient comprises sending QG QL to the recipient. 
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24. (original) The method defined in claim 21 wherein 
a symmetric key S' is used in performing the outer layer of IBE 
encryption by encrypting the IBE public key QG using the 
symmetric key S' to produce QG S - . 

25. (original) The method defined in claim 24 wherein 
performing the outer layer of IBE encryption comprises 
encrypting the symmetric key S' with the IBE public key QL to 
produce an IBE-encrypted symmetric key S' QL . 

26. (previously presented) The method defined in 
claim 25 wherein sending the encrypted version of the IBE public 
key QG to the recipient comprises sending QG S ' and S ' QL to the 
recipient . 

27. (original) The method defined in claim 21 wherein 
the recipient has an identity and wherein the IBE public key QL 
is based on the recipient's identity, the method further 
comprising performing the outer layer of IBE encryption using 
the IBE public key QL that is based on the recipient's identity. 

28. (original) The method defined in claim 21 wherein 
the recipient has an email address and wherein the IBE public 
key QL is based on the recipient's email address, the method 
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further comprising performing the outer layer of IBE encryption 
using the IBE public key QL that is based on the recipient's 
email address. 
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